dns.scm
| 1 | ;;; Tyreunom's system administration and configuration tools. |
| 2 | ;;; |
| 3 | ;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu> |
| 4 | ;;; |
| 5 | ;;; This program is free software: you can redistribute it and/or modify |
| 6 | ;;; it under the terms of the GNU General Public License as published by |
| 7 | ;;; the Free Software Foundation, either version 3 of the License, or |
| 8 | ;;; (at your option) any later version. |
| 9 | ;;; |
| 10 | ;;; This program is distributed in the hope that it will be useful, |
| 11 | ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 13 | ;;; GNU General Public License for more details. |
| 14 | ;;; |
| 15 | ;;; You should have received a copy of the GNU General Public License |
| 16 | ;;; along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 17 | |
| 18 | ;; |
| 19 | ;; DNS services |
| 20 | ;; |
| 21 | |
| 22 | (define-module (config dns) |
| 23 | #:use-module (data dns) |
| 24 | #:use-module (gnu services) |
| 25 | #:use-module (gnu services dns) |
| 26 | #:use-module (srfi srfi-1) |
| 27 | #:use-module (ice-9 textual-ports) |
| 28 | #:export (ipv4-reverse-master-zone |
| 29 | ipv6-reverse-master-zone |
| 30 | lepiller-master-zone |
| 31 | lepiller-slave-zone |
| 32 | master-acl |
| 33 | slave-acl |
| 34 | hermes |
| 35 | nono)) |
| 36 | |
| 37 | ;; Update this when changing the zone: |
| 38 | (define lepiller-serial 2024012301) |
| 39 | |
| 40 | (define public-dkim |
| 41 | (apply |
| 42 | string-append |
| 43 | (string-split |
| 44 | (call-with-input-file "/etc/mail/dkim/public.key" get-string-all) |
| 45 | #\newline))) |
| 46 | |
| 47 | (define-zone-entries lepiller.eu.zone |
| 48 | ;; Name TTL Class Type Data |
| 49 | ("ene" "" "IN" "A" ene-toulouse-ip4) |
| 50 | ("ene" "" "IN" "AAAA" ene-toulouse-ip6) |
| 51 | ("hermes" "" "IN" "A" hermes-ip4) |
| 52 | ("hermes" "" "IN" "AAAA" hermes-ip6) |
| 53 | ("xana" "" "IN" "A" xana-ip4) |
| 54 | ("dark" "" "IN" "A" dark-ip4) |
| 55 | ("bright" "" "IN" "A" bright-ip4) |
| 56 | ("seven" "" "IN" "A" seven-ip4) |
| 57 | ("nono" "" "IN" "A" nono-ip4) |
| 58 | ("nono" "" "IN" "AAAA" nono-ip6) |
| 59 | ("lieserl" "" "IN" "A" lieserl-ip4) |
| 60 | ("lieserl" "" "IN" "AAAA" lieserl-ip6) |
| 61 | ("@" "" "IN" "A" hermes-ip4) |
| 62 | ("@" "" "IN" "AAAA" hermes-ip6) |
| 63 | ("www" "" "IN" "CNAME" "lepiller.eu.") |
| 64 | |
| 65 | ("avatar" "" "IN" "CNAME" "nono") |
| 66 | ("genealogie" "" "IN" "CNAME" "nono") |
| 67 | ("git" "" "IN" "CNAME" "nono") |
| 68 | ("i18n" "" "IN" "CNAME" "xana") |
| 69 | ("nani" "" "IN" "CNAME" "xana") |
| 70 | ("offlate" "" "IN" "CNAME" "xana") |
| 71 | ("social" "" "IN" "CNAME" "nono") |
| 72 | ("dico" "" "IN" "CNAME" "hermes") |
| 73 | ("lfs" "" "IN" "CNAME" "bright") |
| 74 | |
| 75 | ("toulouse" "" "IN" "CNAME" "nono") |
| 76 | |
| 77 | ("@" "" "IN" "NS" "ns") |
| 78 | ("@" "" "IN" "NS" "ns2") |
| 79 | ("ns" "" "IN" "A" hermes-ip4) |
| 80 | ("ns" "" "IN" "AAAA" hermes-ip6) |
| 81 | ("ns2" "" "IN" "A" nono-ip4) |
| 82 | ("ns2" "" "IN" "AAAA" nono-ip6) |
| 83 | |
| 84 | ("@" "" "IN" "MX" "10 courriel") |
| 85 | ("@" "" "IN" "MX" "50 b.courriel") |
| 86 | ("@" "" "IN" "MX" "20 wio6sja633kwuybkyqex7vvnzqvrhrtzjix6cjhsqi42hx3n2qjfmzid.onion.") |
| 87 | ("@" "" "IN" "MX" "60 5g33mrv2rp2onyvte2b3ge5a44fxansxwt4sajmmae7lgorxjgz5czad.onion.") |
| 88 | ("b.courriel" "" "IN" "A" hermes-ip4) |
| 89 | ("b.courriel" "" "IN" "AAAA" hermes-ip6) |
| 90 | ("courriel" "" "IN" "A" nono-ip4) |
| 91 | ("courriel" "" "IN" "AAAA" nono-ip6) |
| 92 | ("imap" "" "IN" "CNAME" "courriel") |
| 93 | ("smtp" "" "IN" "CNAME" "b.courriel") |
| 94 | ("@" "" "IN" "TXT" "\"v=spf1 mx a ~all\"") |
| 95 | ("@" "" "IN" "SPF" "\"v=spf1 mx a ~all\"") |
| 96 | |
| 97 | ("dkim._domainkey" "" "IN" "TXT" (string-append "v=DKIM1\\; p=" public-dkim "\\; s=email\\; t=s")) |
| 98 | ("_dmarc" "" "IN" "TXT" "v=DMARC1\\; p=none\\; sp=reject\\; rua=mailto:rua@lepiller.eu!10m\\; ruf=mailto:ruf@lepiller.eu!10m\\; rf=afrf\\; pct=100\\; ri=86400")) |
| 99 | |
| 100 | (define-zone-entries ipv4-reverse.zone |
| 101 | ("@" "" "IN" "PTR" "lepiller.eu.") |
| 102 | ("@" "" "IN" "NS" "ns.lepiller.eu.") |
| 103 | ("@" "" "IN" "NS" "ns2.lepiller.eu.")) |
| 104 | |
| 105 | (define-zone-entries ipv6-reverse.zone |
| 106 | ("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0" "" "IN" "PTR" "lepiller.eu.") |
| 107 | ("@" "" "IN" "NS" "ns.lepiller.eu.") |
| 108 | ("@" "" "IN" "NS" "ns2.lepiller.eu.")) |
| 109 | |
| 110 | (define nono |
| 111 | (knot-remote-configuration |
| 112 | (id "nono") |
| 113 | (address (list nono-ip4 nono-ip6)) |
| 114 | (key "lepiller-key"))) |
| 115 | |
| 116 | (define hermes |
| 117 | (knot-remote-configuration |
| 118 | (id "hermes") |
| 119 | (address (list hermes-ip4 hermes-ip6)) |
| 120 | (key "lepiller-key"))) |
| 121 | |
| 122 | (define master-acl |
| 123 | (knot-acl-configuration |
| 124 | (id "master-acl") |
| 125 | (address (list nono-ip4 nono-ip6)) |
| 126 | (key '("lepiller-key")) |
| 127 | (action '(transfer)))) |
| 128 | |
| 129 | (define slave-acl |
| 130 | (knot-acl-configuration |
| 131 | (id "slave-acl") |
| 132 | (address (list hermes-ip4 hermes-ip6)) |
| 133 | (key '("lepiller-key")) |
| 134 | (action '(notify)))) |
| 135 | |
| 136 | (define lepiller-master-zone |
| 137 | (knot-zone-configuration |
| 138 | (domain "lepiller.eu") |
| 139 | (notify '("nono")) |
| 140 | (dnssec-policy "default") |
| 141 | (acl '("master-acl")) |
| 142 | (zonefile-load 'difference) |
| 143 | (zone (zone-file |
| 144 | (origin "lepiller.eu") |
| 145 | (entries lepiller.eu.zone) |
| 146 | (serial lepiller-serial))))) |
| 147 | |
| 148 | (define lepiller-slave-zone |
| 149 | (knot-zone-configuration |
| 150 | (domain "lepiller.eu") |
| 151 | (acl '("slave-acl")) |
| 152 | (master '("hermes")))) |
| 153 | |
| 154 | (define ipv6-reverse-master-zone |
| 155 | (let* ((ip6 (string->list (substring (string-delete #\: hermes-ip6) 0 12))) |
| 156 | (rev-ip6-lst (fold (lambda (elem acc) |
| 157 | (cons* #\. elem acc)) |
| 158 | '() |
| 159 | ip6)) |
| 160 | (rev-ip6 (list->string (cdr rev-ip6-lst))) |
| 161 | (domain (string-append rev-ip6 ".ip6.arpa"))) |
| 162 | (knot-zone-configuration |
| 163 | (domain domain) |
| 164 | (zone (zone-file |
| 165 | (origin domain) |
| 166 | (entries ipv6-reverse.zone) |
| 167 | (ns "ns.lepiller.eu.") |
| 168 | (mail "hostmaster.lepiller.eu.") |
| 169 | (serial 1)))))) |
| 170 | |
| 171 | (define ipv4-reverse-master-zone |
| 172 | (let ((domain (string-append |
| 173 | (string-join (reverse (string-split hermes-ip4 #\.)) ".") |
| 174 | ".in-addr.arpa"))) |
| 175 | (knot-zone-configuration |
| 176 | (domain domain) |
| 177 | (zone (zone-file |
| 178 | (origin domain) |
| 179 | (entries ipv4-reverse.zone) |
| 180 | (ns "ns.lepiller.eu.") |
| 181 | (mail "hostmaster.lepiller.eu.") |
| 182 | (serial 1)))))) |
| 183 |